Lucene search

K
Dreamer Cms ProjectDreamer Cms

11 matches found

CVE
CVE
added 2024/03/10 11:15 a.m.61 views

CVE-2024-2354

A vulnerability, which was classified as problematic, was found in Dreamer CMS 4.1.3. Affected is an unknown function of the file /admin/menu/toEdit. The manipulation of the argument id leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed...

6.5CVSS4.6AI score0.00062EPSS
CVE
CVE
added 2024/04/04 9:15 p.m.61 views

CVE-2024-3311

A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has been declared as critical. Affected by this vulnerability is the function ZipUtils.unZipFiles of the file controller/admin/ThemesController.java. The manipulation leads to path traversal. The attack can be launched remotely. The exploit...

8.8CVSS6.5AI score0.00207EPSS
CVE
CVE
added 2023/11/13 4:15 p.m.56 views

CVE-2023-48058

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run

8.8CVSS8.8AI score0.00076EPSS
CVE
CVE
added 2023/11/13 4:15 p.m.51 views

CVE-2023-48060

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add

8.8CVSS8.8AI score0.00076EPSS
CVE
CVE
added 2024/03/31 5:15 a.m.49 views

CVE-2024-3118

A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. This issue affects some unknown processing of the component Attachment Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the publ...

8.8CVSS6.4AI score0.00032EPSS
CVE
CVE
added 2023/09/03 11:15 p.m.47 views

CVE-2023-4743

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The complexity of an...

4.8CVSS4.5AI score0.00063EPSS
CVE
CVE
added 2022/11/17 4:15 a.m.44 views

CVE-2022-42245

Dreamer CMS 4.0.01 is vulnerable to SQL Injection.

9.8CVSS9.5AI score0.00056EPSS
CVE
CVE
added 2023/03/30 11:15 p.m.41 views

CVE-2023-1746

A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to th...

5.4CVSS4.4AI score0.0007EPSS
CVE
CVE
added 2023/05/02 1:15 p.m.32 views

CVE-2023-2473

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be in...

7.5CVSS5.8AI score0.00047EPSS
CVE
CVE
added 2023/12/24 9:15 p.m.30 views

CVE-2023-7091

A vulnerability was found in Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /upload/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to th...

8.8CVSS7.6AI score0.00269EPSS
CVE
CVE
added 2024/03/21 2:52 a.m.18 views

CVE-2024-25811

An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive information.

6.5CVSS6.7AI score0.00149EPSS